Kemp: secure remote access to LoadMaster

kemp-secure-remote-access-loadmaster-01

To increase the security level of your Kemp load balancer, you can secure remote access to LoadMaster by isolating the administrative access to a separate interface.

By default, the LoadMaster uses the IP address associated with eth0 to remote access the Web User Interface (WUI). In a common scenario both Virtual Service address and the administrative WUI address resides in the same subnet and in the same interface.

Isolating the administrative access to a dedicated interface with its own subnet or VLAN is considered a best practice.

 

Secure remote access to LoadMaster

Before powering on the Kemp LoadMaster, you need to add a new NIC interface to the appliance to separate the management traffic.

 

Add a new NIC interface

Right click the Kemp appliance and select Edit Settings.

kemp-secure-remote-access-loadmaster-02

Click Add New Device and select Network Adapter option under Network.

kemp-secure-remote-access-loadmaster-03

Associate the new NIC with the management network, enable the Connect At Power On option and make sure VMXNET 3 is selected as Adapter Type. Click OK to save the configuration.

kemp-secure-remote-access-loadmaster-04

Login to the Kemp LoadMaster.

kemp-secure-remote-access-loadmaster-05

 

Configure the new NIC

Access the System Configuration area and under Network Setup select the new eth interface (eth2 in the example). Specify the IP address to use for the Interface Address and click Set Address.

kemp-secure-remote-access-loadmaster-06

Click OK to confirm.

kemp-secure-remote-access-loadmaster-07

The new IP Address is being set.

kemp-secure-remote-access-loadmaster-08

The new IP address has been configured successfully.

kemp-secure-remote-access-loadmaster-09

 

Secure the remote access

Now access the Certificate & Security > Remote Access area. From the Allow Web Administrative Access drop-down list select the IP address associated to your management network.

kemp-secure-remote-access-loadmaster-10

Click OK to confirm.

kemp-secure-remote-access-loadmaster-11

Also the Allow Remote SSH Access option should be configured to the management network to restrict the SSH access because by default it allows the access on any interface address. Specify the Admin Default Gateway associated with your management network then click Set Administrative Access button. Be careful since you lose the connectivity to your appliance.

kemp-secure-remote-access-loadmaster-12

Click OK to confirm. The IP Address to manage the LoadMaster is now switched to the new subnet.

kemp-secure-remote-access-loadmaster-13

To test the new configuration, enter the new IP Address/DNS Name in your favorite browser. The Web User Interface of your LoadMaster is now accessible from the management network specified during the configuration.

kemp-secure-remote-access-loadmaster-14

This configuration helps to increase the security level of your appliance and secure your LoadMaster from potential intruders.

Kemp LoadMaster is available to download also as free edition.

signature

Leave a Reply